Tag Archives: Security and Compliance

Synchronize client-side encrypted files with Google Drive for Desktop on Windows and Mac OS

Quick summary 

Admins for select Google Workspace editions can update their client-side encryption configurations to include Drive for Desktop. When enabled, users can synchronize their Google Drive, Docs, Sheets, and Slides files with Drive for Desktop on Windows & Mac OS devices. Synced, encrypted files will appear as shortcuts on Windows and symbolic links on Mac OS.




Support for Mac OS users on File Provider will be introduced in a future release — we will provide an update on the Workspace Updates blog at that time.


Additionally, this also allows client-side encryption users in your domain to encrypt and upload local files to Google Drive.


Getting started 


Rollout pace 


Availability 

Synchronize encrypted files 
  • Available to all Google Workspace customers, as well as legacy G Suite Basic and 

Business customers Encrypt and upload local files 

  • Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Education Teaching & Learning Upgrade, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

New security alerts for highly sensitive changes to Google Workspace configurations

What’s changing 

In the Alert Center, admins will now be notified of select critical and sensitive changes made to their Google Workspace configurations. Specifically, we will issue an alert when any of the following events are surfaced in the audit log: 
  • Changes to the primary admin 
  • SSO profile added: when a third-party SSO profile has been added and enabled for your organization. 
  • SSO profile updated: when a third-party SSO profile has been updated for your organization. 
  • SSO profile deleted: when a third-party SSO profile has been deleted for your organization. 
  • Password reset for super admins: when a password was reset for a super admin account. 

We plan to introduce alerts for more high risk actions over time — we will provide updates here once available. 





Who’s impacted 

Admins 


Why it’s important 

These additional intelligent alerts will closely monitor several sensitive actions, making it easier for admins to stay on top of high risk changes to their environment and potentially malicious actions being taken by bad actors. 


For each alert, admins and super admins will receive an email notification with key information regarding the event. Once the alert is received, admins can use the security investigation tool to further investigate the incident. 


Getting started 


Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – June 24, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all legacy Google Workspace and G Suite customers. 


Frictionless sharing across Google Drive, Docs, Sheets, and Slides 
In the effort to make collaboration simpler for users, we've introduced a new sharing experience in Workspace. Now, when you click the "Share" button in the top-right corner of your file, you'll see a streamlined design that makes it easier to share files with others and/or specific groups of people in your organizations, control whether your file is searchable to groups with access, and to copy the file link. | Learn more

new-sharing-experience

Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details. 



Data Loss Prevention for Drive helps protect sensitive data when users upload files to external Google Forms, now generally available 
Users can now respond to external forms that contain file upload questions, while also helping to prevent the leak of sensitive and confidential information. | Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, and Education Plus customers. | Learn more


New options for styling fonts in Google Forms 
We’ve added additional font style and sizing options, and the ability to customize header, subheader, and body text separately in Google Forms. | Learn more


Adjust spacing between content in Sites using new density theme setting 
Site editors can now adjust the spacing between the content on their site with a custom theme setting that offers Compact, Cozy, or Comfortable spacing options. | Learn more


Easily print your Tasks List 
You can now print personal and Chat spaces Task lists on web, making it easier for you to track assigned items offline or plan with pen and paper if that’s your preference. | Learn more. 


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Data Loss Prevention for Drive helps protect sensitive data when users upload files to external Google Forms, now generally available

Quick summary 

In April, we announced a beta that allows users to respond to external forms that contain file upload questions, while also helping to prevent the leak of sensitive and confidential information. 

This feature is now generally available and will apply your domain’s existing Data Loss Prevention (DLP) for Drive policies to files that your users submit to Google Forms, without creating new rules or updating any existing ones. 

dlp-file-uploads-to-external-forms

Getting started 

  • Admins: 
    • DLP for Drive rules defined for your domain will be applied to files submitted to file upload questions in Google Forms outside your domain. 
    • If you are not using DLP for Drive, you can create DLP rules at the domain, OU, or group level in the Admin console under Security > Data protection. You can apply block, warn or audit actions. Visit the Help Center to learn more about turning Workspace DLP on for your organization. 
  • End users: 
    • End users can respond to forms as usual, but can now respond to forms outside their domain, including forms that have file upload questions. 
    •  If a form violates DLP for Drive rules for their domain, end users may see warnings or be blocked from submitting. 

Rollout pace  


Availability 

  • Available to Google Workspace Enterprise Standard, Enterprise Plus, Education Fundamentals, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Frontline, the Teaching and Learning Upgrade, and Nonprofits, as well as legacy G Suite Basic and Business customers 
  • Not available to users with personal Google Accounts 

Resources  

Google Workspace Updates Weekly Recap – June 17, 2022

New updates

There are no new updates to share this week. Please see below for a recap of published announcements. 

Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.

Improved email notifications for Google Calendar invites 
We’ve refreshed the layout of emails sent by Google Calendar to make key event details more accessible and useful. | Learn more

De-reverberation available for Google Meet 
Google Meet will now remove reverberations from sound recorded by your microphone. This automatically filters out echos created by spaces with hard surfaces, such as a basement or a kitchen, helping to ensure optimal audio quality. | Available to Google Workspace Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Enterprise Plus, Education Plus, the Teaching and Learning upgrade, and Frontline customers only. | Learn more

VirusTotal integration with the security investigation tool provides deeper insight into Chrome events 
You can now use VirusTotal to view deeper insights on Chrome log events in the Security Investigation Tool. | Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers only. | Learn more

Manage Google Voice call recording options for your organization 
Admins can set Google Voice call recording options (automatic or manual) for any organizational unit or group in their organization. | Automatic voice recording is available to all Google Voice Premier customers. On-demand voice recording is available to all Google Voice Premier and Standard customers. | Learn more

Improved experience for removing participants from Google Meet calls 
We’ve updated the user experience for removing participants from a meeting in Google Meet. When a host or co-host removes a participant from a call, they are prompted with additional actions: remove the user from the call, fill out an additional abuse report, and/or block the user from rejoining. | Learn more

Export search results to .CSV files from the security investigation tool 
Admins can now download log event data from the security investigation tool as a .CSV file. This will allow admins to further analyze data outside of the tool. | Learn more

Picture-in-Picture and multi-pinning available for Google Meet in Chrome 
We’re bringing picture-in-picture to Google Meet to Chrome browsers on the web. You’ll be able to see up to four video tiles of meeting attendees in a floating window on top of other applications. | Learn more.  


For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Export search results to .CSV files from the security investigation tool

Quick summary 

In addition to a Google Sheets file, admins can now download log event data from the security investigation tool to as a .CSV file. This will allow admins to further analyze data outside of the tool. The export limit for .CSV files is 100,000 rows.




Note: Sharing permissions for exported Sheets files will default to your domain configuration (meaning, if newly created files are shared with everyone, the exported data will be available to everyone). 


Getting started 


Rollout pace 


Availability 

  • Available to all Google Workspace customers, as well as legacy G Suite Basic and Business customers 

Resources 

VirusTotal integration with the security investigation tool provides deeper insight into Chrome events

What’s changing 

You can now use VirusTotal to view deeper insights on Chrome log events in the Security Investigation Tool. This ability is already available for Gmail event logs



Who’s impacted 

Admins 


Why it’s important 

Admins can use the VirusTotal integration to view more information on Chrome log events, specifically to determine whether any content transfers via Chrome are malicious. 


Additional details 

VirusTotal provides an investigation layer on top of alerts but isn’t being used directly for detection or alerting. 


Data (file attachment hashes) is only shared to VirusTotal after the admin selects to view the VirusTotal report. No data is otherwise shared. 


VirusTotal data is shared with the broader security community. This enables security vendors to collaborate with each other, share important details, and take action to fight security threats. 


The VirusTotal report has two versions: Standard and Enhanced. The Standard version is displayed for admins who have the Security Center > VirusTotal > View report privilege, and who have one of the required Google Workspace editions. The Enhanced version is automatically displayed for paid VirusTotal subscribers who have an active virustotal.com login session with their VT Enterprise user account. Visit the Help Center for more information. 

Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Education Standard, and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as G Suite Basic and Business customers 

Resources 

Google Workspace Updates Weekly Recap – June 10, 2022

New updates 

Unless otherwise indicated, the features below are fully launched or in the process of rolling out (rollouts should take no more than 15 business days to complete), launching to both Rapid and Scheduled Release at the same time (if not, each stage of rollout should take no more than 15 business days to complete), and available to all legacy Google Workspace and G Suite customers. 

Find and insert GIFs faster on Google Chat on iOS Devices 
You can now easily browse, select and insert GIFs while using the Chat iOS mobile app. When enabled by your admin, select the “GIF” icon in the Google Chat compose bar. We hope this makes it easier for you to express yourself when interacting with your colleagues. | Learn more


Set a custom duration for "Do Not Disturb" in Google Chat on web and iOS devices 
You can now set the duration of your "Do Not Disturb" status to a specific date and time. We hope this feature gives you the flexibility to mute notifications the way it best suits you. This feature is now available on web, Android and iOS devices. | Learn more


Previous announcements 

The announcements below were published on the Workspace Updates blog earlier this week. Please refer to the original blog posts for complete details.


New admin controls for access to discoverable spaces in Google Chat 
We’ve added the ability for Admins to set the default for newly created spaces and enable sharing scoped to specific audiences. | Learn more

Available to Google Workspace Business Plus, Enterprise Standard, Enterprise Plus, Education Plus, and Education Standard customers. 


Context-Aware Access remediator provides more context for access denials 
Admins using Context-Aware Access can now provide more information to end users when their access is blocked using the user remediation feature. | Learn more.

Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers. 


Mark your important tasks with a star in Google Tasks 
You can now mark important tasks with a star in Google Tasks. Additionally, you’ll be able to view or sort your starred items across various tasks lists in the new starred view. | Learn more
 
For a recap of announcements in the past six months, check out What’s new in Google Workspace (recent releases).

Context-Aware Access remediator provides more context for access denials

What’s changing 

Admins using Context-Aware Access can now provide more information to end users when their access is blocked using the user remediation feature. This feature will help end users quickly understand what steps they need to take to re-access Google Workspace. 


Who’s impacted 

Admins and end users 


Why it’s important 

Context-Aware Access allows admins to assign granular access control policies to apps based on attributes such as user identity, location, device security status, IP address, etc. When a user or device does not meet the requirements, they will be unable to access the respective apps. 


Currently, the only course of action for end users is to contact their admin for further support, which causes unnecessary delay, churn, and support calls. End user remediation will enable admins to provide their users with details about why their access has been denied and what steps need to be taken to restore access. 


Further, once an admin enables remediation, they’ll see a message in the Admin console noting whether remediation is enabled. Each remediation action corresponds to an attribute which is causing access to be denied. Visit the Help Center for a list of the possible remediation actions that may be shown to end users. 


Getting Started 

  • Admins: Admins can apply the new remediation messaging within the Context-aware Access section of the admin UI by navigating to Security > Context-Aware Access > User Message. Visit the Help Center to learn more about allowing users to unblock apps with remediation messages in Context Aware Access. 



  • End Users: End users will see the following message if they try to access a Google Workspace app when access is not allowed. 




Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Education Plus, and Cloud Identity Premium customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Enterprise Standard, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

Resources 

Copy your client-side encrypted Google Docs, Sheets, and Slides files

Quick summary 

If you have client-side encryption enabled for Docs, Sheets and Slides, you can now make a copy of an existing encrypted document, spreadsheet or presentation. Encryption will be preserved when copies of the file are made. This feature makes it easier to leverage existing content as a baseline for new encrypted Docs, Sheets, or Slides. 



Getting started 


Rollout pace 


Availability 

  • Available to Google Workspace Enterprise Plus, Education Standard and Education Plus customers 
  • Not available to Google Workspace Essentials, Business Starter, Business Standard, Business Plus, Enterprise Essentials, Education Fundamentals, Frontline, and Nonprofits, as well as legacy G Suite Basic and Business customers 

Resources